1644-Cloud Computing-Assignment 1 brief (Pass), Summaries of Information Technology

Typology: Summaries

2022/2023

Uploaded on 09/06/2023

Kevin12_45
Assignment Brief 1 (RQF)
Higher National Certificate/Diploma in Computing
Student Name/ID Number:
Unit Number and Title: Unit 5: Security
Academic Year: 2021 – 2022
Unit Assessor: Van Ho
Assignment Title: Security Presentation
Issue Date: April 1st, 2021
Submission Date: 26/04/2023
Internal Verifier Name:
Date:
Submission Format:
Format:
The submission is in the form of an individual written report. This should be written in a concise,
formal business style using single spacing and font size 12. You are required to make use of
headings, paragraphs and subsections as appropriate, and all work must be supported with
research and referenced using the Harvard referencing system. Please also provide a bibliography
using the Harvard referencing system.
Submission
Students are required to submit the assignment by the due date and in the way requested by the
Tutor.
The form of submission will be a soft copy posted on http://cms.greenwich.edu.vn/ .
Remember to convert the word file into PDF file before the submission on CMS.
Note:
The individual Assignment must be your own work, and not copied by or from another student.
If you use ideas, quotes or data (such as diagrams) from books, journals or other sources, you
must reference your sources, using the Harvard style.
Make sure that you understand and follow the guidelines to avoid plagiarism. Failure to comply with
this requirement will result in a failed assignment.
Unit Learning Outcomes:

LO1 Assess risks to IT security.
LO2 Describe IT security solutions.

Assignment Brief and Guidance:

Assignment scenario
You work as a trainee IT Security Specialist for a leading Security consultancy in Vietnam called FPT Information security FIS. FIS works with medium sized companies in Vietnam, advising and implementing technical solutions to potential IT security risks. Most customers have outsourced their security concerns due to lacking the technical expertise in house. As part of your role, your manager Jonson has asked you to create an engaging presentation to help train junior staff members on the tools and techniques associated with identifying and assessing IT security risks together with the organizational policies to protect business critical data and equipment.

Tasks
In addition to your presentation, you should also provide a detailed report containing a technical review of the topics covered in the presentation. Your presentation should:
● Identify the security threats FIS secure may face if they have a security breach. Give an example of a recently publicized security breach and discuss its consequences
● Describe a variety of organizational procedures an organization can set up to reduce the effects to the business of a security breach.
● Propose a method that FIS can use to prioritize the management of different types of risk
● Discuss three benefits to FIS of implementing network monitoring system giving suitable reasons.
● Investigate network security, identifying issues with firewalls and IDS incorrect configuration and show through examples how different techniques can be implemented to improve network security.
● Investigate a ‘trusted network’ and through an analysis of positive and negative issues determine how it can be part of a security system used by FIS.

Your detailed report should include a summary of your presentation as well as additional, evaluated or critically reviewed technical notes on all of the expected topics.

IV - Identify the potential impact to IT security of incorrect configuration of firewall policies and

I - Identify types of security threat to organisations. Give an example of a recently publicized security breach and discuss its consequences (P1)

1. Security threats agent to organization

1.1. Define Threat
Threats refer to potential harm, danger, negative impacts or any kind of actions, events or situations that can cause damage, harm or loss to a person, organization or system. In the context of cyber security, threats can include malicious software, phishing attacks, hacking attempts or any other form of intentional or accidental action that can cause harm to computer systems, networks or data. Threats can also come from natural disasters, accidents or human error. The presence of threats highlights the need for proactive measures such as risk management, security protocols and disaster recovery planning to prevent or mitigate potential harm.

1.2. Identify threats agents to organization
Hackers and Cybercriminals: These are individuals or groups that use technology to gain unauthorized access to an organization's systems or data.
Malware: Malware is malicious software designed to disrupt an organization's operations, steal data, or damage its systems.
Insiders: These are employees, contractors or partners who have access to an organization's sensitive information and systems and can misuse them for financial gain or personal motives.

1.3. Type of threats that organization will face

1.3.1. Insider threat
Insider threats occur when individuals close to an organization knowingly misuse access to the organization's internal network to adversely affect the organization's critical data. Malicious insiders attempt to circumvent cyber security protocols to erase data, steal data for later sale or exploitation, disrupt operations, or harm a business. (Rosencrance, 2021)

1.3.2. Viruses and worms
Viruses and worms are malicious software programs (malware) that aim to destroy an organization's systems and data. (Rosencrance, 2021)
Viruses: A virus is a malicious piece of code capable of replicating itself by copying itself into another host program or file. It remains dormant until someone activates it, and then spreads without the permission of the system or the user.
As cyber security threats continue to evolve and become more sophisticated, enterprise IT must stay vigilant when it comes to protecting its data and networks. To do that, it first needs to understand the kinds of security threats it is facing. (Rosencrance, 2021)

1.3.3. Botnet
A botnet is a collection of Internet-connected devices, including PCs, mobile phones, servers and IoT devices, that are infected and remotely controlled by a common type of malware. Botnets are commonly used to send large amounts of spam, perform DDoS attacks, and steal data/credentials. The threat actors, often cybercriminals, that control these botnets use them to send email spam, take part in click fraud campaigns and generate malicious traffic for distributed denial-of-service attacks. (Rosencrance, 2021)

1.4. What are the recent security breaches? List and give example with dates

1.4.1. ChipMixer
From 2017 to present, ChipMixer is a cryptocurrency “mixing” service similar to Tornado Cash (TORN). However, it was developed for the darknet market.

Figure 1 : ChipMixer

1.4.2. Costa Rica
At the beginning of 2022, Conti attacked Costa Rica. They attacked the finance ministry and the social security fund, freezing all import and export activities.

Figure 2 : Costa Rica and Conti

1.4.3. Lazarus
At the end of March 2022, the Lazarus team successfully took Ethereum and USDC from the Ronin blockchain network. Previously, in February, attackers exploited a vulnerability in Wormhole's system and stole assets.

1.5. Discuss the consequences of this breach

1.5.1. Financial Loss
Over the last five years, the average worldwide cost of a data breach has increased by 12 percent to £3. million. Compensation for impacted consumers, incident response activities, investigation of the breach, and legal fees are all possible costs. A breach can also have a substantial impact on the share price and valuation of a firm. This is precisely what happened to Yahoo when it was compromised in 2013, just as it was ready to be acquired by Verizon.

1.5.2. Reputation Damage
Up to one-third of customers in retail, banking, and healthcare will stop doing business with companies that have been compromised. 85 percent will tell others about their experience, and 33.5 percent will express their anger on social media. Long-term reputation harm will affect an organization's capacity to attract new consumers and future investment.

1.5.3. Operational Downtime
Following a data breach, business activities are frequently significantly affected. Operations may have to be fully shut down until investigators have received all of the information they want. Depending on the severity of the breach, this procedure might take days or weeks. This can have a significant impact on income and the ability of an organization to recover.

Physical Security: Physical security weaknesses that allow unauthorized access to premises or data centre can lead to theft, sabotage, or other malicious activities.
Social Engineering: Social engineering attacks can trick individuals into revealing sensitive information or providing access to systems or networks. These attacks include phishing, pretexting, and baiting.
Lack of Proper Policies and Procedures: Organizations can face security threats due to a lack of established policies and procedures. Without clear guidelines, employees may not know how to identify and handle potential security incidents, and security risks may go undetected.
Compliance and Regulatory Risk: Depending on the industry, an organization may face regulatory or compliance risks due to non-compliance with relevant laws, regulations, or standards.

3. The Tools Will I Propose To Treat IT Security Risks
Firewall: Firewalls are security devices that monitor and control network traffic. They can help detect and prevent unauthorized access to an organization's network.
Intrusion Detection and Prevention Systems (IDS/IPS): IDS/IPS assess network traffic for potential security breaches and can automatically respond to such incidents. These systems can help to detect and stop attacks before they can cause significant damage.
Vulnerability Scanners: Vulnerability scanners are software tools that can identify potential vulnerabilities in an organization's systems and applications. This information can then be used to take action to remediate the vulnerabilities.
Endpoint Protection: Endpoint protection tools aim to protect individual employee devices from potential malware and other security threats.
Data Recovery and Backup Tools: Data recovery and backup tools can be used to create backup copies of critical data and applications, and can help to recover files in the event of a security breach or data loss.
Identity and Access Management Tools: Identity and access management tools can help to control access to an organization's systems and applications, and prevent unauthorized access.
Security Information and Event Management (SIEM) Systems: SIEM systems collect and analyze log data from a variety of sources, helping security professionals to detect and respond to security incidents.
Encryption Tools: Encryption tools can be used to secure sensitive data and communications, preventing unauthorized access or interception.

III- Describe at least 3 organisational security procedures (P2)

1. Security Procedures
Security procedures are comprehensive, step-by-step guides for carrying out, enabling, or enforcing the security measures listed in your company's security policies. Security procedures should cover both the numerous hardware and software elements that support your business processes and any security-related business processes themselves. Security procedures are also a set of established steps or guidelines that an organization or individual must follow to protect against security threats.

2. The purpose of security procedures and why they are needed in an Organization
The purpose of security procedures is to guarantee consistency in the application of a security control or in the performance of a business process that is related to security. They must be followed each time a control needs to be put into place or a security-related business operation is carried out. Following the check-list ensures consistency of behaviour each and every time. Even though staff may have executed the check-list hundreds of times, there is risk in relying on memory to execute it, as a distraction could cause them to forget or overlook a critical step.

3. Three organizational security procedures

3.1. Anti-virus procedure

3.1.1. Definition
An anti-virus program is made to find and get rid of malware such as viruses from your laptop or computer. Malware can steal your data, encrypt it so you can't access it, or even entirely wipe it if it has access to your computer or laptop.

Figure 3 : Anti Viruses Procedure

3.1.2. Steps of Anti-Virus procedure
Step 1: Install and update anti-virus software
Install a reputable anti-virus software on your computer, and ensure that it is updated regularly to provide the best protection.
Step 2: Run a quick scan
Perform a quick scan of your computer for viruses and malware. The quick scan will scan the most widely used system files and folders.
Run a full system scan: Perform a full system scan to ensure that all the files and folders on your computer are checked for malware and viruses.
Step 3: Remove any detected threats
If your anti-virus software detects any threats, it will provide an option to remove them from your computer. Make sure to follow the prompts and remove any detected threats.
Update your operating system: Make sure your operating system is up to date, as software updates can provide patches and fixes for any known vulnerabilities.
Step 4: Be cautious of email attachments
Be careful when opening email attachments, especially those from unknown senders.
Avoid suspicious downloads: Avoid downloading files or software from untrustworthy sources or websites.
Regularly backup your data: Perform regular backups of your data to ensure that you don't lose any important files if your computer becomes infected with viruses or malware.
Step 5: Use strong passwords
Use strong and complex passwords, and avoid using the same password for multiple accounts.
Educate yourself: Stay informed of the latest security threats and learn how to spot them. Regularly educate yourself and your employees, if applicable, on how to use online services safely.

3.1.3. Demonstrative Example of Anti-Virus procedure
Modern anti-virus software protects against the most recent viruses and malware thanks to automatic updates. Computers running Windows and Apple operating systems typically come with anti-virus software at no additional cost.

Figure 5 : Process of Encryption Procedure

3.2.3. Demonstration example of Encryption procedure
Choose a key: Let's choose a random 256-bit key for our message encryption. This key is used to scramble the message and ensure its confidentiality.
Convert the plain text to binary: We first convert the plain text message "Hello World" to binary format. Each letter is represented by its unique ASCII code in binary format.
Add padding: The AES algorithm works on blocks of fixed size. If the input message is not an exact multiple of the block size, padding is added to make the message the correct size. We will assume that our message is already the correct size for simplicity.
Encrypt the message: We use the chosen key to encrypt the message using the AES algorithm. This is done by dividing the input message into 128-bit blocks, and applying the encryption algorithm to each block using the chosen key.
Transmit or store the cipher text: The output of the encryption algorithm is the cipher text message. This message is now in binary format and can be transmitted or stored securely.

To decrypt the cipher text message, the same key is used to reverse the encryption process. Each encrypted block is decrypted using the AES decryption algorithm with the same key. Then, the binary message will be converted back to its original plain text format. It is essential to choose a suitable encryption algorithm and properly manage the encryption keys to ensure data confidentiality and integrity.

Figure 6 : Example of Encryption procedure
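
The encryption steps above as an added Python example; it is not part of the original report and assumes the third-party `cryptography` package, with all function names and sample inputs constructed. Since "Hello World" is 11 bytes, the padding step is applied, and the example goes one step further than the text by comparing per-block encryption (ECB mode) with CBC mode, where a random IV hides repeated plaintext blocks.

```python
# Added example (not from the original report). Requires the third-party
# "cryptography" package. Key, message and helper names are constructed here.
import os

from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import padding
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes

BLOCK_BYTES = 16  # AES always works on 128-bit (16-byte) blocks


def pkcs7_pad(data: bytes) -> bytes:
    """Pad to a multiple of the block size (the 'Add padding' step)."""
    padder = padding.PKCS7(BLOCK_BYTES * 8).padder()
    return padder.update(data) + padder.finalize()


def pkcs7_unpad(data: bytes) -> bytes:
    """Strip and validate the padding after decryption."""
    unpadder = padding.PKCS7(BLOCK_BYTES * 8).unpadder()
    return unpadder.update(data) + unpadder.finalize()


def _aes(key: bytes, mode) -> Cipher:
    return Cipher(algorithms.AES(key), mode, backend=default_backend())


def encrypt_ecb(key: bytes, plaintext: bytes) -> bytes:
    """Each block is encrypted independently with the key, as the steps describe."""
    enc = _aes(key, modes.ECB()).encryptor()
    return enc.update(pkcs7_pad(plaintext)) + enc.finalize()


def encrypt_cbc(key: bytes, plaintext: bytes) -> bytes:
    """Same key and padding, but a fresh random IV chains the blocks together."""
    iv = os.urandom(BLOCK_BYTES)
    enc = _aes(key, modes.CBC(iv)).encryptor()
    return iv + enc.update(pkcs7_pad(plaintext)) + enc.finalize()


def decrypt_cbc(key: bytes, blob: bytes) -> bytes:
    """Reverse encrypt_cbc: split off the IV, decrypt, remove the padding."""
    iv, ciphertext = blob[:BLOCK_BYTES], blob[BLOCK_BYTES:]
    dec = _aes(key, modes.CBC(iv)).decryptor()
    return pkcs7_unpad(dec.update(ciphertext) + dec.finalize())


def repeated_blocks(ciphertext: bytes) -> int:
    """Count ciphertext blocks that duplicate an earlier block."""
    blocks = [ciphertext[i:i + BLOCK_BYTES]
              for i in range(0, len(ciphertext), BLOCK_BYTES)]
    return len(blocks) - len(set(blocks))


if __name__ == "__main__":
    key = os.urandom(32)                     # random 256-bit key
    message = "Hello World".encode("ascii")  # 11 bytes, so padding is needed
    print("padded:", pkcs7_pad(message).hex())
    blob = encrypt_cbc(key, message)
    print("CBC round trip:", decrypt_cbc(key, blob))
    # Constructed input made of three identical 16-byte blocks.
    record = b"ACCOUNT=0001;OK;" * 3
    print("ECB repeated blocks:", repeated_blocks(encrypt_ecb(key, record)))
    print("CBC repeated blocks:", repeated_blocks(encrypt_cbc(key, record)))
    # CBC provides confidentiality only; integrity needs a MAC or an
    # authenticated mode such as AES-GCM.
```
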

3.3. Password procedure

3.3.1. Definition
The Password Procedure defines standards for producing safe passwords, safeguarding them, and establishing how frequently they ought to be changed. Every authorized user is in charge of choosing and keeping up their own password in compliance with the requirements and standards. Thanks to password protection, only users who can validate their access will be able to access data and programs.

3.3.2. Steps of Password procedure
The steps involved in password procedure are as follows:
Step 1: Choose a strong password
The first step in creating a strong password is choosing a combination of characters that are difficult to guess or crack. A strong password typically consists of a mix of lower-case and upper-case letters, numbers, and symbols.
Step 2: Use a unique password
It is important to use a unique password for each account or login. This helps prevent hackers from accessing all of your accounts if one password is compromised.
Step 3: Change passwords regularly
Regularly changing passwords can help ensure that sensitive information stays secure. It is recommended to change passwords every three to six months.
Step 4: Store passwords securely
Passwords should be stored securely, away from prying eyes, and not be shared with others. You can consider using password manager software to securely store your passwords.
Step 5: Use two-factor authentication
Two-factor authentication adds an extra layer of security to your account login by requiring a second form of identification, such as a code or fingerprint, in addition to the password.
Step 6: Be cautious of phishing scams
Phishing scams are a common method used by hackers to trick users into revealing their passwords. Be cautious of any suspicious emails or messages requesting your login credentials.

3.3.3. Demonstration example Password procedure
Here is an example of a good password procedure:
Choose a strong password: Suppose we want to create a strong password for our email account. We choose a password that consists of a random combination of upper-case and lower-case letters, numbers, and symbols such as "hN6%Wk8@p#s".
Use a unique password: We use the above password only for our email account and not for any other online account. This ensures that if our email password is compromised, the hacker cannot access any of our other accounts with the same password.
Change passwords regularly: We make a habit of changing our password every three to six months. We select a new, strong password each time.
Store passwords securely: We do not write down our passwords or store them in our computer or phone. Instead, we use a secure password manager that is protected by a master password.
Use two-factor authentication: We enable two-factor authentication for our email account. This requires us to enter a unique code sent to our phone in addition to our password when logging in.
Be cautious of phishing scams: We are always on the lookout for phishing scams. We do not click on suspicious links or open suspicious attachments in emails.
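
One way to check a set of accounts against Steps 1, 2, 3 and 5 of the procedure, as an added Python example that is not part of the original report. The account names, dates, the second password and the 180-day limit (taken as the upper end of "three to six months") are assumptions made for illustration.

```python
# Added example (not from the original report). Account names, dates and the
# reused password are constructed; only "hN6%Wk8@p#s" comes from the text.
import string
from collections import Counter
from datetime import date

MAX_AGE_DAYS = 180  # assumption: upper end of "every three to six months"

CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": string.punctuation,
}


def missing_classes(password: str) -> list:
    """Step 1: names of the character classes the password does not use."""
    return [name for name, chars in CLASSES.items()
            if not any(c in chars for c in password)]


def audit(entries: list, today: date) -> dict:
    """Return {account: [findings]}; an empty list means the entry passes."""
    uses = Counter(e["password"] for e in entries)
    report = {}
    for e in entries:
        findings = []
        missing = missing_classes(e["password"])
        if missing:                                         # Step 1
            findings.append("missing " + "/".join(missing))
        if uses[e["password"]] > 1:                         # Step 2
            findings.append("reused on another account")
        if (today - e["changed"]).days > MAX_AGE_DAYS:      # Step 3
            findings.append("older than %d days" % MAX_AGE_DAYS)
        if not e["two_factor"]:                             # Step 5
            findings.append("two-factor authentication off")
        report[e["account"]] = findings
    return report


# Constructed sample entries, as a password manager might hold them once unlocked.
ENTRIES = [
    {"account": "email", "password": "hN6%Wk8@p#s",
     "changed": date(2023, 3, 1), "two_factor": True},
    {"account": "forum", "password": "summer2022",
     "changed": date(2022, 6, 1), "two_factor": False},
    {"account": "shop", "password": "summer2022",
     "changed": date(2023, 2, 1), "two_factor": True},
]
TODAY = date(2023, 4, 26)  # fixed date so the result is reproducible

if __name__ == "__main__":
    for account, findings in audit(ENTRIES, TODAY).items():
        print(account, "->", findings or "meets the procedure")
```
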

Both the Network and Host Firewalls defend the same operating environment, and control redundancy (two independent and different firewalls) adds extra security in the case of a hack or failure. In all cases where Sensitive Data is kept or processed, a Network Firewall is necessary, and the operating system allows the installation.

1.3. The advantages of Firewall in a network
Here are the great benefits that a firewall brings to your computer:
Prevent attacks on your private network from other networks in the outside world.
It allows you to define a funnel, keeping non-authorized users out.
Allow monitoring of the security of your network and computer; when suspicious activity occurs, it will generate an alarm.
Monitor and record services using WWW (World Wide Web), FTP (File Transfer Protocol), and other protocols.
Control the use of the Internet. It helps to block or unblock inappropriate or appropriate material.

1.4. How does a firewall provide security to a network?
A firewall is a device that acts as a barrier or filter between your computer and another network, such as the internet. It detects and stops unauthorized traffic to your operating system. This involves preventing unwanted incoming network traffic as well as verifying access by scanning network traffic for anything harmful, such as hackers and viruses. A firewall can help secure your computer and data by regulating network traffic. This is accomplished by blocking unsolicited and undesirable inbound network traffic. A firewall validates access by scanning incoming traffic for dangerous content such as hackers and viruses that might infect your machine.

Figure 9 : How does a Firewall provide security to a network

2. Diagrams the example of how firewall works

Figure 10 : Diagram the example of how firewall works

3. Intrusion detection system (IDS)

3.1. Definition
An Intrusion Detection System (IDS) is a tool or piece of software that works with your network to keep it secure and alerts you when someone tries to access your data. It can be difficult to choose which IDS to employ because there are so many different types and tools available.

3.2. The usage of IDS
Intrusion detection systems (IDSes) are used to identify anomalies in order to catch hackers before they do significant harm to a network. IDSes can be network- or host-based, and they are installed on both the client computer and the network. Intrusion detection systems identify known attacks or deviations from regular activity by looking for signs of known attacks. These deviations or abnormalities are moved up the stack for examination, which helps detect occurrences such as Christmas tree scans and DNS poisonings.

3.3. Diagram the example of how IDS works
Figure 11 : Diagram the example of how IDS works

firewalls to filter and control traffic entering and leaving the DMZ. In a typical DMZ configuration, public-facing servers are located in the DMZ and are accessible from the internet, while internal servers and resources remain hidden from the outside world. The DMZ has three networks: the public network (internet), the DMZ network, and the internal network. The firewalls are typically configured to allow specific types of inbound and outbound traffic to and from DMZ servers while blocking all other traffic. This helps prevent unauthorized access to internal servers and resources while still allowing public users to access public-facing servers.

1.3. The advantages of using a DMZ
Enhanced security: By isolating public-facing servers in a DMZ, sensitive internal resources and data are protected from direct exposure to the internet or other untrusted networks. This can help prevent unauthorized access and limit the impact of malicious attacks.
Improved reliability: DMZs can improve the availability and reliability of public-facing servers by providing an additional layer of security against attacks that could otherwise disrupt service.

1.4. The Aid Of Diagram DMZ
Figure 14 : The Aid of Diagram DMZ
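
The three-network DMZ policy described above ("allow specific types of traffic, block all other traffic"), as an added Python example that is not part of the original report. The subnets, addresses, ports and both rule sets are constructed, and the model covers new connections only; it puts a misconfigured policy beside a corrected one and audits which internal ports each exposes.

```python
# Added example (not from the original report). Zone subnets, addresses,
# ports and rule sets are constructed for illustration.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional

ZONES = {
    "dmz": ip_network("10.0.1.0/24"),       # public-facing servers
    "internal": ip_network("10.0.2.0/24"),  # internal servers and resources
}


def zone_of(addr: str) -> str:
    """Map an address to its zone; anything unknown is the public network."""
    ip = ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "internet"


@dataclass(frozen=True)
class Rule:
    src: str             # zone name or "any"
    dst: str             # zone name or "any"
    port: Optional[int]  # None matches every port
    action: str          # "allow" or "deny"


def evaluate(policy: List[Rule], src_ip: str, dst_ip: str, port: int) -> str:
    """First matching rule wins; traffic matching no rule is denied."""
    src, dst = zone_of(src_ip), zone_of(dst_ip)
    for rule in policy:
        if (rule.src in (src, "any") and rule.dst in (dst, "any")
                and rule.port in (port, None)):
            return rule.action
    return "deny"


def reachable_ports(policy, src_ip, dst_ip, ports) -> List[int]:
    """Audit helper: which of the given ports does the policy let through?"""
    return [p for p in ports if evaluate(policy, src_ip, dst_ip, p) == "allow"]


# Misconfigured: the HTTPS rule was meant for the DMZ web server but is written
# as any -> any, and the DMZ may open any port on the internal network.
MISCONFIGURED = [
    Rule("any", "any", 443, "allow"),
    Rule("dmz", "internal", None, "allow"),
    Rule("internal", "any", None, "allow"),
]

# Corrected: each allow names its source zone, destination zone and port.
CORRECTED = [
    Rule("internet", "dmz", 443, "allow"),   # public HTTPS to the DMZ only
    Rule("dmz", "internal", 5432, "allow"),  # web tier to one database port
    Rule("internal", "dmz", None, "allow"),
    Rule("internal", "internet", None, "allow"),
]

if __name__ == "__main__":
    outside, web, db = "203.0.113.7", "10.0.1.10", "10.0.2.10"
    probe = [22, 443, 3389, 5432]
    for name, policy in (("misconfigured", MISCONFIGURED),
                         ("corrected", CORRECTED)):
        print(name, "internet->internal:",
              reachable_ports(policy, outside, db, probe))
        print(name, "dmz->internal:",
              reachable_ports(policy, web, db, probe))
```
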

2. Internet Protocol (IP)

2.1. Definition
The Internet Protocol (IP) is a protocol, or collection of rules, used to address and route data packets so they can move between networks and reach their intended location. The tiny units of data that travel over the Internet are referred to as packets. Each packet has IP information attached to it, which helps routers send packets to the appropriate location. Data arrives where it is needed because packets are routed to the IP address associated with each device or domain that connects to the internet. A static IP address is one that is manually configured and does not change over time, unlike one assigned by a DHCP server. This type of IP is the exact opposite of a dynamic (changeable) IP. Static IP is often used for groups of people or businesses.

Figure 15 : Definition Internet Protocol

2.2. How static IP works?
When a device with a static IP connects to a network, it is assigned its unique IP address, subnet mask, gateway, and DNS server settings. Other devices on the network can then communicate with the device using its static IP address.

A static IP (Internet Protocol) address is a fixed address that is assigned to a device, such as a computer or a router, and remains constant over time. This is in contrast to dynamic IP addresses, which are assigned by DHCP (Dynamic Host Configuration Protocol) servers and can change over time. When a device has a static IP address, its address is manually configured by an administrator or user. This involves assigning a specific IP address, subnet mask, default gateway, and DNS server to the device. These settings are stored in the device's network configuration settings and remain unchanged until manually modified.

Static IP addresses are often used in situations where a device needs to have a fixed and predictable network address, such as in server environments, where servers need to be accessible from the internet or a local network consistently. It's important to note that static IP addresses may require additional configuration and management, but they can also provide greater control and stability over network connections compared to dynamic IP addresses.

2.3. The Advantages Of Using Static IP
Enhanced reliability: Static IP addresses are fixed, which means they are more reliable than dynamic IP addresses that can change frequently. For example, in a server environment where the IP address of a server must remain constant, a static IP address ensures uninterrupted service.
Better control: With a static IP address, network administrators have more control over their network devices. They can easily manage and monitor devices on the network and can route traffic to specific devices more efficiently.
Easier remote access: Static IP addresses make it easier to remotely access devices on a network. This is because a fixed IP address can be used to remotely connect to a device, even if the device has been restarted or its IP address has changed.
Hosting Services: Static IP addresses are essential for hosting services such as web servers, email servers, and FTP servers. With a static IP address, hosting providers can easily associate a domain name with a fixed IP address, and clients can connect to the services reliably.